US8423766B2 - Authentication method, authentication apparatus, and computer product - Google Patents

Authentication method, authentication apparatus, and computer product Download PDF

Info

Publication number
US8423766B2
US8423766B2 US11/368,601 US36860106A US8423766B2 US 8423766 B2 US8423766 B2 US 8423766B2 US 36860106 A US36860106 A US 36860106A US 8423766 B2 US8423766 B2 US 8423766B2
Authority
US
United States
Prior art keywords
authentication information
information
arbitrary value
authentication
current
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US11/368,601
Other versions
US20070050631A1 (en
Inventor
Akihiro Shimizu
Takasuke Tsuji
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kochi University of Technology
Original Assignee
Trinity Security Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Trinity Security Systems Inc filed Critical Trinity Security Systems Inc
Assigned to TRINITY SECURITY SYSTEMS, INC. reassignment TRINITY SECURITY SYSTEMS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SHIMIZU, AKIHIRO, TSUJI, TAKASUKE
Publication of US20070050631A1 publication Critical patent/US20070050631A1/en
Assigned to TRINITY SECURITY SYSTEMS, INC. reassignment TRINITY SECURITY SYSTEMS, INC. CHANGE OF ADDRESS Assignors: TRINITY SECURITY SYSTEMS, INC.
Application granted granted Critical
Publication of US8423766B2 publication Critical patent/US8423766B2/en
Assigned to TSS LINK, INC reassignment TSS LINK, INC MERGER (SEE DOCUMENT FOR DETAILS). Assignors: TRINITY SECURITY SYSTEMS, INC.
Assigned to KOCHI UNIVERSITY OF TECHNOLOGY, SHIMIZU, AKIHIRO, MR reassignment KOCHI UNIVERSITY OF TECHNOLOGY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TSS LINK, INC
Assigned to TSS LINK, INC reassignment TSS LINK, INC ADDRESS CHANGE Assignors: TSS LINK, INC
Assigned to TSS LINK, INC reassignment TSS LINK, INC ADDRESS CHANGE Assignors: TSS LINK, INC
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/081Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying self-generating credentials, e.g. instead of receiving credentials from an authority or from another peer, the credentials are generated at the entity itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys

Definitions

  • the present invention relates to a technology for an authentication processing for authenticating a communication party or a user in an information communication system.
  • an authenticator server
  • a password authentication method is widely used, in which the server requests the user to input a password, and authenticate the user with a validity of the input password.
  • a one-time password method in which a password valid for only one authentication is used, or an authentication method in which authentication information created from a password is used instead of the password itself is used.
  • a simple and secure password authentication protocol Ver. 2 (SAS-2) authentication method is an example of the password authentication method in which a server authenticates a user based on following procedures (see, for example, Information and Communication Engineers, OIS2002-30, Vol. 102, No. 314, pp. 7-11, 2002, The Institute of Electronics, “Simple and secure password authentication protocol, Ver. 2 (SAS-2)” by Takasuke Tsuji, et. al.).
  • FIG. 10 and FIG. 11 are flowcharts of a processing procedure for a user authentication in the SAS-2 authentication method.
  • indicates a substitution to a left-hand side by a right-hand side
  • S represents a password that is privately held by a user
  • ID represents an identifier for a user
  • XOR represents an exclusive-OR operator
  • n is the number of authentication
  • N n is a random number (n is a positive integer equal to or greater than “1”, and is used for specifying the random number).
  • F and H represent one-way functions that do not use the password S
  • X is a one-way function that uses the password S and the random number N n
  • X n X(ID, S XOR N n ).
  • FIG. 10 is a flowchart of the initial registration of a user, according to the conventional technology.
  • the user possesses a user identifier ID and a password S in advance.
  • the user creates a random number N 1 and stores the created random number N 1 (step S 1001 ).
  • the user calculates initial authentication information A 1 defined by Equation 1 using the random number N 1 , the password S that is held privately, and the user identifier ID (step S 1002 ), and transmits the authentication information A 1 with the user identifier ID via a safe means (step S 1003 ).
  • the safe means includes a dedicated line for the authentication information, and a mailing of a recording medium in which the authentication information is stored.
  • a 1 ⁇ X 1 (ID, S XOR N 1 ) (1)
  • the server stores the authentication information A 1 in association with the user identifier ID, which is transmitted at step S 1003 (step S 1004 ). In this manner, the initial registration of the user is completed.
  • the user calculates A n defined by Equation 2, from the stored random number N n (step S 1101 ).
  • a n is current authentication information used for a current authentication process
  • C is next authentication information to be used for a next authentication process
  • D is another next authentication information obtained by unidirectional conversion of the next authentication information C.
  • the server Upon receiving ⁇ AND ⁇ from the user, the server calculates D defined by Equation 7 using the current authentication information An that is registered corresponding to ID, and calculates C defined by Equation 8 using calculated D and the current authentication information, with respect to received ⁇ AND ⁇ (step S 1105 ).
  • the server denies the authentication of the user (step S 1108 ), and ends the process of the flowchart.
  • the server determines whether to authenticate a user who calls for an authentication.
  • the authentication process is carried out based on transmission information that is mask-processed using the current authentication information A that is registered in the server. Therefore, it is possible to create the transmission information with ease by stealing the current authentication information stored in the server, and as a result, a malice third party can carry out an illegal authentication.
  • a server installed in a public place or a server installed by a person who does not have enough knowledge of a security is apt to be a target of a malice, and the current authentication information can be easily stolen.
  • the malice can take on the position of a legal user to be authenticated by using the current authentication information stored in the server.
  • the malice can succeed to obtain an illegal authentication by taking on the position of the legal user, private information can be leak, or information of the legal user can be illegally modified. Once information is disclosed, it cannot be returned to a private state, resulting in a serious damage to both the authenticator and the user.
  • a method of authenticating a subject device to be authenticated includes acquiring current authentication information that is created using an arbitrary value, and that is used for a current authentication process, from the subject device; receiving first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device; calculating the next authentication information based on the first transmission information and the current authentication information; calculating the arbitrary value based on calculated next authentication information and the second transmission information; and determining whether to authenticate the subject device based on calculated arbitrary value and the current authentication information.
  • a method of requesting an authentication to an authenticating apparatus from a subject device to be authenticated includes creating current authentication information that is used for a current authentication process, using an arbitrary value; delivering the current authentication information to the authenticating apparatus; creating first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information; creating second transmission information in which the arbitrary value is hidden using the next authentication information; and transmitting the first transmission information and the second transmission information to the authentication apparatus.
  • a computer-readable recording medium stores therein a computer program according to the above aspects.
  • An authentication apparatus includes a first acquiring unit configured to acquire, from a subject device to be authenticated, current authentication information that is created using an arbitrary value and that is used for a current authentication process; a receiving unit configured to receive first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device; a first calculating unit configured to calculate the next authentication information based on the first transmission information and the current authentication information; a second calculating unit configured to calculate the arbitrary value based on calculated next authentication information and the second transmission information; and a determining unit configured to determine whether to authenticate the subject device based on calculated arbitrary value and the current authentication information.
  • An authentication apparatus includes a first creating unit configured to create current authentication information that is used for a current authentication process, using an arbitrary value; a delivering unit configured to deliver the current authentication information to the authenticating apparatus; a second creating unit configured to create first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information; a third creating unit configured to create second transmission information in which the arbitrary value is hidden using the next authentication information; and a transmitting unit configured to transmit the first transmission information and the second transmission information to the authentication apparatus.
  • FIG. 1 is a schematic of an authentication processing system according to embodiments of the present invention.
  • FIG. 2 is a block diagram of a hardware configuration of the authentication processing system
  • FIG. 3 is a block diagram of a functional configuration of the authentication processing system
  • FIG. 4 is a flowchart of an initial registration of a user, according to a first embodiment of the present invention
  • FIG. 6 is a flowchart of an initial registration of a user, according to a second embodiment of the present invention.
  • FIG. 8 is a flowchart of an initial registration of a user, according to a third embodiment of the present invention.
  • FIG. 10 is a flowchart of a user authentication in the SAS-2 authentication method.
  • FIG. 1 A system configuration of an authentication processing system according to the embodiments will be explained with reference to FIG. 1 .
  • the system configuration of the authentication processing system, hardware configuration, and functional configuration (corresponding to FIG. 1 to FIG. 3 ) are common.
  • FIG. 1 is a schematic diagram for illustrating a system configuration of an authentication processing system 1 according to the present invention.
  • the authentication processing system 1 is configured with a user 2 ( 2 a to 2 f ) and a server 3 .
  • the user 2 is an apparatus to be authenticated that makes a request for an authentication to an authenticating apparatus
  • the server 3 is the authenticating apparatus that authenticates the apparatus to be authenticated.
  • the user 2 a to 2 f and the server 3 are connected via a network 4 .
  • the user 2 makes a request for an authentication to the server 3 , and receives a predetermined service (such as a data communication connection service, a gate pass permission, and a contents providing) that is provided by the server 3 .
  • the server 3 carries out an authentication process for the user 2 , and when the user 2 is authenticated, provides the predetermined service to the user 2 .
  • the server 3 authenticated the user 2 (when an authentication is completed)
  • the user 2 can also carry out an inter-authentication to authenticate the server 3 to which the user makes a request for an authentication.
  • FIG. 2 is a block diagram for illustrating an example of a hardware configuration of the user 2 and the server 3 constituting the authentication processing system 1 .
  • an apparatus an object that implements each of functions of the user 2 and the server 3 is referred to as “an apparatus”.
  • a central processing unit (CPU) 11 controls the entire apparatus, a read only memory (ROM) 12 stores a basic input-output program, and a random access memory (RAM) 13 is used as a working area of the CPU 11 .
  • ROM read only memory
  • RAM random access memory
  • a hard disk drive (HDD) 14 controls a read/write of data with respect to a hard disk (HD) 15 according to a control of the CPU 11 , and the HD 15 stores data written by a control of the HDD 14 .
  • a flexible disk drive (FDD) 16 controls a read/write of data with respect to a flexible disk (FD) 17 according to a control of the CPU 11 , and the FD 17 stores data written by a control of the FDD 16 .
  • a display 18 displays a variety of data, such as a cursor, a menu, a window, a text, and an image.
  • a network interface (IF) 19 carries out a reception and a transmission of data with respect to the network 4 .
  • a keyboard 20 includes a plurality of keys for inputting a text, a numerical value, and a variety of instructions, and a mouse 21 carries out selection and execution of a variety of instructions, selection of an object to be processed, and movement of the cursor.
  • a scanner 22 optically reads a text or an image
  • a printer 23 prints out a text or an image on a paper or the like
  • a compact disk-read only memory (CD-ROM) 24 is a removable recording medium
  • a CD-ROM drive 25 controls a read/write of data with respect to the CD-ROM 24
  • a bus (or a cable) 26 connects the above components.
  • FIG. 3 is a block diagram for illustrating a functional configuration of the user and the server constituting the authentication processing system.
  • the user 2 includes a creating unit 31 , a delivering unit 32 , a calculating unit 33 , and a transmitting unit 34 .
  • the creating unit 31 creates current authentication information (A) that is used for a current authentication process, using an arbitrary value (a).
  • the creating unit 31 creates the current authentication information by carrying out an using a one-way function with which a calculation of a value before the operation is difficult for the arbitrary value.
  • the creating unit 31 creates an authentication key (K) that is unique to the user 2 , together with the current authentication information.
  • the one-way function is a function with which, when two values (x and y) are operated using the function, even if a value (z) of a result of the operation and one of the two values (for example, x) are known, it is difficult to calculate the other value (y).
  • the delivering unit 32 delivers the current authentication information created by the creating unit 31 to the server 3 .
  • the delivering unit 32 delivers the authentication key to the server 3 together with the current authentication information.
  • the delivering of the current information and the authentication key means sending information to the server 3 using a method that is not available to a third party other than the server 3 , such as a transmission via a dedicated line for the information, and a mailing of a recording medium in which the information is stored.
  • the calculating unit 33 calculates next authentication information (B) that is used for a next authentication process, and calculates first transmission information, in which next authentication information to be used for a next authentication process is hidden using the current authentication information, and second transmission information, in which the arbitrary value is hidden using the next authentication information.
  • the calculating unit 33 calculates a value by carrying out an operation using a mask function with which a calculation of a value before the operation is easy for the next authentication information and the current authentication information, as the first transmission information, and a value by carrying out the operation using the mask function for the next authentication information (or sum of the next authentication information and the authentication key) and the arbitrary value, as the second transmission information.
  • the mask function is a function with which, when the operation is carried out twice, a result of the operation becomes the original value, such as an exclusive OR (XOR).
  • XOR exclusive OR
  • the mask function is taken as the exclusive-OR operation.
  • the transmitting unit 34 transmits the first transmission information and the second transmission information calculated by the calculating unit 33 to the server 3 .
  • the transmitting unit 34 transmits the above transmission information to the server 3 via the network 4 .
  • the server 3 includes an acquiring unit 41 , a receiving unit 42 , a calculating unit 43 , and a determining unit 44 .
  • the acquiring unit 41 acquires the current authentication information delivered by the delivering unit 32 of the user 2 and the authentication key unique to the user 2 .
  • the receiving unit 42 receives the first transmission information and the second transmission information transmitted by the transmitting unit 34 of the user 2 .
  • the calculating unit 43 calculates the next authentication information using the first transmission information received by the receiving unit 42 and the current authentication information acquired by the acquiring unit 41 , and calculates the arbitrary value using the next authentication information and the second transmission information.
  • the calculating unit 43 calculates the next authentication information (or sum of the next authentication information and the authentication key) by carrying out the exclusive-OR operation with respect to the first transmission information and the current authentication information, and calculates the arbitrary value by carrying out the exclusive-OR operation with respect to the next authentication information (or sum of the next authentication information and the authentication key) and the second transmission information.
  • the determining unit 44 determines whether to authenticate the user 2 , based on the arbitrary value calculated by the calculating unit 43 and the current authentication information acquired by the acquiring unit 41 .
  • the determining unit 44 determines whether a value obtained by carrying out the operation using the one-way function for the arbitrary value is identical to the current authentication information.
  • the server 3 authenticates the user 2 , otherwise denies the authentication of the user 2 .
  • Each of the above components is implemented by executing a command process by the CPU 11 according to a command of a program that is loaded to the RAM 13 from a variety of recording media, such as the HD 15 , the FD 17 , and the CD-ROM 24 of each of the apparatuses.
  • “ ⁇ ” indicates a substitution of a left-hand side by a right-hand side
  • “S” means a password that is privately held by the user (apparatus to be authenticated)
  • “ID” is a user identifier
  • “XOR” is the exclusive-OR operator
  • n is the number of authentication
  • “N n ” is a random number (n is a positive integer equal to or greater than “1”, and is used for specifying the random number)
  • F is a one-way function that does not use the password S.
  • “X” is a one-way function that uses the password S and the random number N n
  • X n X(ID, S, N n ).
  • FIG. 4 is a flowchart of a processing procedure for an initial registration of the user, according to a first embodiment of the present invention.
  • the user 2 possesses the user identifier ID for identifying itself from among a plurality of the users 2 .
  • the user 2 holds the password S that is private to itself.
  • the user identifier ID and the password S can be registered in the user 2 , or can be requested in each case of process.
  • the user 2 creates a private key K and a random number N 1 , and stores created private key K and random number N 1 (step S 101 ). Then, the user 2 calculates A 1 following Equations 9 and 10, using the user identifier ID, the password S, and the random number N 1 .
  • the A 1 is referred to as first-time authentication information.
  • the user 2 transmits the user identifier ID, the private key K, and the first-time authentication information A 1 via a safe means (step S 103 ).
  • the safe means includes a transmission through a dedicated line for the information and a mailing of a recording medium in which the information is stored. Then, the user 2 stores the calculated first-time authentication information A 1 (step S 104 ), and ends the process of the flowchart.
  • the server 3 stores each of the private key K and the first-time authentication information A 1 transmitted from the user 2 in association with the user identifier ID (step S 105 ), and ends the process of the flowchart.
  • the user 2 calculates a defined by Equation 11 from stored N n (step S 151 ). Then, the user 2 creates a new random number N n+1 , stores the created random number (step S 152 ), and calculates B defined by Equation 13 following Equations 11 and 12 (step S 153 ).
  • the user 2 calculates ⁇ and ⁇ defined by Equations 14 and 15, respectively, using the calculated a and B, and the stored K and A n (step S 154 ), and transmits ID, ⁇ , and ⁇ to the server 3 (step S 155 ). Then, the user 2 stores B calculated at step S 153 as next authentication information A n+1 (step S 156 ), and ends the process of the flowchart.
  • a is data that becomes a source of the authentication information A n .
  • the server 3 calculates B defined by Equation 16 using the authentication information A n that is registered in association with ID of the user 2 (step S 157 ), and calculates a defined by Equation 17 using a sum of B and K, with respect to ⁇ and ⁇ received from the user 2 .
  • the server 3 determines whether a result of the unidirectional conversion of the calculated a and the stored ID, F(ID, a) is identical to A n (step S 158 ). When F(ID, a) is identical to A n (“YES” at step S 158 ), the server 3 authenticates the user 2 , and starts a connection with the user 2 (step S 159 ). In addition, the server 3 stores B as the next authentication information (A n+1 ) to be used for the next authentication (step S 160 ), and ends the process of the flowchart.
  • the server denies the authentication of the user 2 , transmits an error message to the user 2 (step S 161 ), and ends the process of the flowchart.
  • the method of calculating ⁇ and ⁇ at step S 154 is not limited to the above Equations 14 and 15.
  • a sum of B and K is used for calculating ⁇ .
  • this process is to prevent, when ⁇ and ⁇ are acquired by a third party during a transmission of ⁇ and ⁇ to the server 3 , an attack by the third party using the acquired values.
  • B the value that is exclusive-OR operated with A n or a
  • B cannot be calculated from ⁇ and ⁇ .
  • the method of calculating ⁇ and ⁇ can be any one, not being limited to above Equations 14 and 15, as long as it satisfies the above condition.
  • K is a value calculated as the private key at step S 101 , however, ⁇ and ⁇ can be calculated as following Equations 18 and 19 by using the user identifier ID. ⁇ B XOR An (18) ⁇ ( B +ID) XOR a (19)
  • an operation using K can also be used.
  • K an addition of K to B can be used for calculating ⁇ , as shown in following Equations 22 and 23.
  • an operation to B in calculating ⁇ should be the one for which an inverse operation is possible, such as B ⁇ K. ⁇ ( B+K ) XOR An (22) ⁇ B XOR a (23)
  • a method of calculating a at step S 157 depends on the method of calculating ⁇ and ⁇ . For example, when ⁇ and ⁇ are calculated using the above Equations 18 and 19, a can be calculated using operations shown in following Equations 26 and 27.
  • the authentication information for an authentication process can only be created using data (password S and random number N n ) that become sources of the authentication information that is exclusively stored in the apparatus to be authenticated (user 2 ). Therefore, even if information regarding the apparatus to be authenticated (ID, K, A n ), which is stored in the authenticating apparatus (server 3 ) is stolen by a third party, the third party cannot create the authentication information for the authentication process, and cannot obtain an authentication by the authenticating apparatus.
  • a countermeasure is taken against a stealing of information on an apparatus to be authenticated (user 2 ) from an authenticating apparatus (server 3 ), by creating authentication information to be used for an authenticating process from data that is stored in the apparatus to be authenticated only.
  • a second embodiment of the present invention it is confirmed whether information that becomes a source of current authentication information (A n ) that is used for a current (n th ) authentication is calculated from information that is encrypted using next authentication information (A n+1 :B) that is used for a next ((n+1) th ) authentication. With this mechanism, it is possible to detect a modification of delivering information by a third party.
  • FIG. 6 is a flowchart of a processing procedure for an initial registration of a user, according to the second embodiment.
  • the user 2 possesses a user identifier ID for identifying itself from a plurality of users 2 .
  • the user 2 possesses a private password S that is known to itself only.
  • the user 2 creates a private key K, and stores K (step S 201 ). Then, the user 2 creates random numbers N 1 and N 2 , and stores N 2 (step S 202 ). The user 2 calculates A 1 from following Equations 28 and 29, and calculates ⁇ 1 from following Equations 30 to 32, using the user identifier ID, the password S, and the random numbers N 1 and N 2 (step S 203 ).
  • the right-hand side of Equation 32 E_ ⁇ B ⁇ (a) is a value obtained by encrypting a by using B as a key.
  • the user 2 transmits the user identifier ID, the private key K, and the first-time authentication information A 1 and ⁇ 1 via a safe means (step S 204 ). Then, the user 2 stores the calculated a and b (hereinafter, “authenticator a and b”), A 1 , and B (step S 205 ), and ends the process of the flowchart.
  • the server 3 stores each of the private key K and the first-time authentication information A 1 and ⁇ 1 transmitted from the user 2 in association with the user identifier ID (step S 206 ), and ends the process of the flowchart. With the above process, the user 2 is initially registered in the server 3 .
  • the user 2 calculates b defined by Equation 33 from stored N n+1 (step S 251 ), and determines whether the calculated b is identical to the stored b (step S 252 ). At this time, ID and S that are used for calculating b can be requested to the user 2 for every authentication process, and can be stored in the user 2 .
  • the user 2 goes to step S 253 .
  • the user 2 ends the process of the flowchart. b ⁇ X (ID, S, N n+1 ) (33)
  • the user 2 creates a new random number N n+2 , stores N n+2 (step S 253 ), and calculates an authenticator c and authentication information C from following Equations 34 and 35 (step S 254 ).
  • the authenticator c and the authentication information C are the information after the next authentication information for an authentication after the next authentication. c ⁇ X (ID, S, N n+2 ) (34) C ⁇ F (ID, c ) (35)
  • the user 2 calculates ⁇ , ⁇ , and ⁇ n+1 defined by following Equations 36 to 38, respectively, using the calculated b and D, and the stored K, A n , and B (step S 255 ). Then, the user 2 transmits ID, ⁇ , ⁇ , and ⁇ n+1 to the server 3 (step S 256 ). In addition, the user 2 stores the calculated c and C as the next authenticator b and the next authentication information B (step S 257 ), and ends the process of the flowchart.
  • the method of calculating ⁇ and ⁇ although there are various methods as described in the first embodiment, operations shown in following Equations 36 and 37 are used as an example.
  • the server 3 calculates a from following Equations 39 and 40 using the authentication information A n and the private key K that are stored in association with ⁇ , ⁇ , and ID received from the user 2 (step S 258 ).
  • the server 3 determines whether a result of the unidirectional conversion of the calculated a and the stored ID, F(ID, a), is identical to A n (step S 259 ).
  • F(ID, a) is identical to A n (“YES” at step S 259 )
  • the server 3 authenticates the user 2 .
  • the server 3 decrypts the encrypted information ⁇ n using the received B (indicated as D_ ⁇ B ⁇ ( ⁇ n)), and determines whether D_ ⁇ B ⁇ ( ⁇ n) is identical to a (step S 260 ).
  • the server 3 verifies that the authentication information B is not modified, and starts a connection with the user 2 (step S 261 ). In addition, the server 3 stores B as authentication information (A n+1 ) that is used for the next ((n+1) th ) authentication process (step S 262 ), and ends the process of the flowchart.
  • the server 3 denies the authentication of the user 2 , transmits an error message to the user 2 (step S 263 ), and ends the process of the flowchart. Furthermore, when D_ ⁇ B ⁇ ( ⁇ n) is not identical to a (“NO” at step S 260 ), the server 3 determines that the authentication information B is modified, transmits an error message to the user 2 (step S 263 ), and ends the process of the flowchart.
  • the authentication information for an authentication process can only be created using data (password S and random number N n+1 ) that become sources of the authentication information that is exclusively stored in the apparatus to be authenticated (user 2 ). Therefore, even if information regarding the apparatus to be authenticated (ID, K, A n , ⁇ n), which is stored in the authenticating apparatus (server 3 ) is stolen by a third party, the third party cannot create the authentication information for the authentication process, and cannot obtain an authentication by the authenticating apparatus.
  • data used for detecting a modification of delivering information is different from data used for an authentication process. With this mechanism, it is possible to enhance a security of the authentication process.
  • FIG. 8 is a flowchart of a processing procedure for an initial registration of a user, according to a third embodiment of the present invention.
  • the user 2 possesses a user identifier ID for identifying itself from a plurality of users 2 .
  • the user 2 possesses a private password S that is known to itself only.
  • the user 2 creates a private key K, and stores K (step S 301 ). Then, the user 2 creates random numbers N 1 and N 2 , and stores N 2 (step S 302 ). The user 2 calculates A′ 1 from following Equations 41 to 43, and calculates ⁇ 1 from following Equations 44 to 47, using the user identifier ID, the password S, and the random number N 1 (step S 303 ).
  • the right-hand side of Equation 47 E_ ⁇ B′ ⁇ (a) is a value obtained by encrypting a by using B′ as a key.
  • the user 2 transmits the user identifier ID, the private key K, and the first-time authentication information A′ 1 and ⁇ 1 via a safe means (step S 304 ). Then, the user 2 stores the calculated a and b (hereinafter, “authenticator a and b”), A, A′ 1 , B, and B′ (step S 205 ), and ends the process of the flowchart.
  • authentication a and b the calculated a and b
  • the server 3 stores each of the private key K and the first-time authentication information A′ 1 and ⁇ 1 transmitted from the user 2 in association with the user identifier ID (step S 306 ), and ends the process of the flowchart. With the above process, the user 2 is initially registered in the server 3 .
  • the user 2 calculates b defined by Equation 48 from stored N n+1 (step S 351 ), and determines whether the calculated b is identical to the stored b (step S 352 ). At this time, ID and S that are used for calculating b can be requested to the user 2 for every authentication process, and can be stored in the user 2 .
  • the user 2 goes to step S 353 .
  • the user 2 ends the process of the flowchart. b ⁇ X (ID, S, N n+1 ) (48)
  • the user 2 creates a new random number N n+2 , stores N n+2 (step S 353 ), and calculates C′ from following Equations 49 to 51 (step S 354 ).
  • the user 2 calculates ⁇ , ⁇ , and ⁇ n+1 defined by following Equations 52 to 54, respectively, using the calculated b and C′, and the stored K, A n , A′ and B′ (step S 355 ). Then, the user 2 transmits ID, ⁇ , ⁇ , and ⁇ n+1 to the server 3 (step S 356 ). In addition, the user 2 stores the calculated c and C as the next authenticator b and the next authentication information B (step S 357 ), and ends the process of the flowchart.
  • the method of calculating ⁇ and ⁇ although there are various methods as described in the first embodiment, operations shown in following Equations 52 and 53 are used as an example.
  • the server 3 calculates A from following Equations 55 and 56 using the authentication information A′ n and the private key K that are stored in association with ⁇ , ⁇ , and ID received from the user 2 (step S 358 ).
  • B ′ ⁇ XOR A′n (55)
  • a ′ ⁇ XOR ( B′+K ) (56)
  • the server 3 determines whether a result of the unidirectional conversion of the calculated A and the stored ID, F(ID, A), is identical to A′ n (step S 359 ).
  • F(ID, A) is identical to A′n (“YES” at step S 359 )
  • the server 3 authenticates the user 2 .
  • the server 3 decrypts the encrypted information ⁇ n using the received B′ (indicated as D_ ⁇ B′ ⁇ ( ⁇ n)), and calculates a defined by following Equation 57 (step S 360 ).
  • Equation 57 a ⁇ D — ⁇ B′ n ⁇ ( ⁇ n ) (57)
  • the server 3 determines whether a result of the unidirectional conversion of the calculated a and ID, F(ID, a), is identical to A (step S 361 ). When F(ID, a) is identical to A (“YES” step S 361 ), the server 3 verifies that the authentication information B′ is not modified, and starts a connection with the user 2 (step S 362 ).
  • the server 3 stores B′ as authentication information (A′ n+1 ) that is used for the next ((n+1) th ) authentication process (step S 363 ).
  • the server 3 stores ⁇ n +1 that is transmitted from the user 2 at step S 356 as the authentication information for the next ((n+1) th ) authentication process instead of ⁇ n (step S 364 ), and ends the process of the flowchart.
  • the server 3 denies the authentication of the user 2 , transmits an error message to the user 2 (step S 365 ), and ends the process of the flowchart. Furthermore, when F(ID, a) is not identical to A (“NO” at step S 361 ), the server 3 determines that the authentication information B is modified, transmits an error message to the user 2 (step S 365 ), and ends the process of the flowchart.
  • the authentication information for an authentication process can only be created using data (password S and random number N n+1 ) that become sources of the authentication information that is exclusively stored in the apparatus to be authenticated (user 2 ). Therefore, even if information regarding the apparatus to be authenticated (ID, K, A′, ⁇ n), which is stored in the authenticating apparatus (server 3 ) is stolen by a third party, the third party cannot create the authentication information for the authentication process, and cannot obtain an authentication by the authenticating apparatus.
  • the data used for the authentication process is transmitted and received in a mask-processed state. Therefore, it is possible to prevent a leakage of data used for the authentication process to a third party.
  • by verifying whether data obtained by applying a unidirectional conversion on data a that becomes a source of the current authentication information is identical to the current authentication information A it is possible to authenticate a qualification of an apparatus to be authenticated.
  • the authentication processing program, the recording medium, and the authentication processing apparatus in addition to a verification of relation of information delivered to an authenticating apparatus, a verification whether data obtained by applying a unidirectional conversion on data a that becomes a source of the current authentication information is identical to the current authentication information A is performed.
  • a verification whether data obtained by applying a unidirectional conversion on data a that becomes a source of the current authentication information is identical to the current authentication information A is performed.
  • the authentication processing method can be realized by executing a program prepared in advance with a computer, such as a personal computer and a workstation.
  • the program is stored in a computer-readable recording medium, such as a hard disk (HD), a flexible disk (FD), a compact disk-read only memory (CD-ROM), a magneto-optic (MO) disk, and a digital versatile disk (DVD).
  • the computer reads out the program from the recording medium, and executes it.
  • the program can be distributed via a network, such as the Internet.

Abstract

In a server for authenticating a user, an acquiring unit acquires current authentication information that is created using an arbitrary value and that is used for a current authentication process, from user. A receiving unit receives first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the user. A calculating unit calculates the next authentication information based on the first transmission information and the current authentication information, and the arbitrary value based on calculated next authentication information and the second transmission information. A determining unit determines whether to authenticate the user based on the arbitrary value and the current authentication information.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims priority from Japanese Patent Application JP 2005-246506, filed Aug. 26, 2005, incorporated herein by reference in its entirety.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a technology for an authentication processing for authenticating a communication party or a user in an information communication system.
2. Description of the Related Art
Conventionally, when an authenticator (server) authenticates a party to be authenticated (user), a password authentication method is widely used, in which the server requests the user to input a password, and authenticate the user with a validity of the input password. In addition, to secure a safety, a one-time password method in which a password valid for only one authentication is used, or an authentication method in which authentication information created from a password is used instead of the password itself is used.
A simple and secure password authentication protocol Ver. 2 (SAS-2) authentication method is an example of the password authentication method in which a server authenticates a user based on following procedures (see, for example, Information and Communication Engineers, OIS2002-30, Vol. 102, No. 314, pp. 7-11, 2002, The Institute of Electronics, “Simple and secure password authentication protocol, Ver. 2 (SAS-2)” by Takasuke Tsuji, et. al.). FIG. 10 and FIG. 11 are flowcharts of a processing procedure for a user authentication in the SAS-2 authentication method.
In the following explanation, “←” indicates a substitution to a left-hand side by a right-hand side, “S” represents a password that is privately held by a user, “ID” represents an identifier for a user, “XOR” represents an exclusive-OR operator, “n” is the number of authentication, and “Nn” is a random number (n is a positive integer equal to or greater than “1”, and is used for specifying the random number). In addition, “F” and “H” represent one-way functions that do not use the password S, “X” is a one-way function that uses the password S and the random number Nn, and Xn=X(ID, S XOR Nn).
Initially, a user makes a registration in a server from which the user wants to get an authentication (hereinafter, the operation of the registration is referred to as “an initial registration”). FIG. 10 is a flowchart of the initial registration of a user, according to the conventional technology. The user possesses a user identifier ID and a password S in advance.
The user creates a random number N1 and stores the created random number N1 (step S1001). The user calculates initial authentication information A1 defined by Equation 1 using the random number N1, the password S that is held privately, and the user identifier ID (step S1002), and transmits the authentication information A1 with the user identifier ID via a safe means (step S1003). The safe means includes a dedicated line for the authentication information, and a mailing of a recording medium in which the authentication information is stored. The authentication information A1 is authentication information used for the first time (n=1) authentication.
A 1 ←X 1(ID, S XOR N 1)  (1)
The server stores the authentication information A1 in association with the user identifier ID, which is transmitted at step S1003 (step S1004). In this manner, the initial registration of the user is completed.
FIG. 11 is a flowchart of an nth time authentication after the first time (n=1) authentication, according to the conventional technology. At this moment, the user possesses ID, S, and Nn, and the server holds ID and An (at the time of the first time authentication, n=1). The user calculates An defined by Equation 2, from the stored random number Nn (step S1101).
A n ←X n(ID, S XOR N n)  (2)
Then, the user creates a new random number Nn+1 and stores the created random number Nn+1, or takes An as Nn+1 and stores Nn+1 (step S1102). Subsequently, C and D defined by Equations 3 and 4, respectively, are calculated using Nn+1, and α, AND β defined by Equations 5 and 6, respectively, are calculated using C, D, and An (step S1103).
C←X n(ID, S XOR N n+1)  (3)
D←F(ID, C)  (4)
α←C XOR (D+A n)  (5)
β←D XOR A n  (6)
Finally, the user transmits calculated α AND β together with ID to the server (step S1104). At this time, An is current authentication information used for a current authentication process, C is next authentication information to be used for a next authentication process, and D is another next authentication information obtained by unidirectional conversion of the next authentication information C.
Upon receiving α AND β from the user, the server calculates D defined by Equation 7 using the current authentication information An that is registered corresponding to ID, and calculates C defined by Equation 8 using calculated D and the current authentication information, with respect to received α AND β (step S1105).
D←β XOR A n  (7)
C←α XOR (D+A n)  (8)
Thereafter, the server carries out a unidirectional conversion of C calculated from Equation 8 with ID, and verifies if a result of the unidirectional conversion is identical to D (F(ID, C)=D?) (step S1106). If the result of the unidirectional conversion is identical to D (“YES” at step S1106), the server authenticates the user (authentication complete), and stores the next authentication information C as authentication information to be used for the next ((n+1)th) authentication (step S1107).
On the other hand, if the result of the unidirectional conversion is not identical to D (“NO” at step S1106), the server denies the authentication of the user (step S1108), and ends the process of the flowchart. By carrying out the above process, the server determines whether to authenticate a user who calls for an authentication.
According to the above conventional technology, the authentication process is carried out based on transmission information that is mask-processed using the current authentication information A that is registered in the server. Therefore, it is possible to create the transmission information with ease by stealing the current authentication information stored in the server, and as a result, a malice third party can carry out an illegal authentication.
In particular, a server installed in a public place or a server installed by a person who does not have enough knowledge of a security is apt to be a target of a malice, and the current authentication information can be easily stolen. In addition, when there is a malice on the server side, the malice can take on the position of a legal user to be authenticated by using the current authentication information stored in the server.
Furthermore, if the malice can succeed to obtain an illegal authentication by taking on the position of the legal user, private information can be leak, or information of the legal user can be illegally modified. Once information is disclosed, it cannot be returned to a private state, resulting in a serious damage to both the authenticator and the user.
SUMMARY OF THE INVENTION
It is an object of the present invention to at least solve the above problems in the conventional technology.
A method of authenticating a subject device to be authenticated according to one aspect of the present invention includes acquiring current authentication information that is created using an arbitrary value, and that is used for a current authentication process, from the subject device; receiving first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device; calculating the next authentication information based on the first transmission information and the current authentication information; calculating the arbitrary value based on calculated next authentication information and the second transmission information; and determining whether to authenticate the subject device based on calculated arbitrary value and the current authentication information.
A method of requesting an authentication to an authenticating apparatus from a subject device to be authenticated according to another aspect of the present invention includes creating current authentication information that is used for a current authentication process, using an arbitrary value; delivering the current authentication information to the authenticating apparatus; creating first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information; creating second transmission information in which the arbitrary value is hidden using the next authentication information; and transmitting the first transmission information and the second transmission information to the authentication apparatus.
A computer-readable recording medium according to still another aspect of the present invention stores therein a computer program according to the above aspects.
An authentication apparatus according to still another aspect of the present invention includes a first acquiring unit configured to acquire, from a subject device to be authenticated, current authentication information that is created using an arbitrary value and that is used for a current authentication process; a receiving unit configured to receive first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device; a first calculating unit configured to calculate the next authentication information based on the first transmission information and the current authentication information; a second calculating unit configured to calculate the arbitrary value based on calculated next authentication information and the second transmission information; and a determining unit configured to determine whether to authenticate the subject device based on calculated arbitrary value and the current authentication information.
An authentication apparatus according to still another aspect of the present invention includes a first creating unit configured to create current authentication information that is used for a current authentication process, using an arbitrary value; a delivering unit configured to deliver the current authentication information to the authenticating apparatus; a second creating unit configured to create first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information; a third creating unit configured to create second transmission information in which the arbitrary value is hidden using the next authentication information; and a transmitting unit configured to transmit the first transmission information and the second transmission information to the authentication apparatus.
The other objects, features, and advantages of the present invention are specifically set forth in or will become apparent from the following detailed description of the invention when read in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic of an authentication processing system according to embodiments of the present invention;
FIG. 2 is a block diagram of a hardware configuration of the authentication processing system;
FIG. 3 is a block diagram of a functional configuration of the authentication processing system;
FIG. 4 is a flowchart of an initial registration of a user, according to a first embodiment of the present invention;
FIG. 5 is a flowchart of an nth time authentication after a first time (n=1) authentication, according to the first embodiment;
FIG. 6 is a flowchart of an initial registration of a user, according to a second embodiment of the present invention;
FIG. 7 is a flowchart of an nth time authentication after the first time (n=1) authentication, according to the second embodiment;
FIG. 8 is a flowchart of an initial registration of a user, according to a third embodiment of the present invention;
FIG. 9 is a flowchart of an nth time authentication after the first time (n=1) authentication, according to the third embodiment;
FIG. 10 is a flowchart of a user authentication in the SAS-2 authentication method; and
FIG. 11 is a flowchart of an nth time authentication after the first time (n=1) authentication in the SAS-2 authentication method.
 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Exemplary embodiments according to the present invention will be explained in detail below with reference to the accompanying drawings.
A system configuration of an authentication processing system according to the embodiments will be explained with reference to FIG. 1. In a first embodiment to a third embodiment of the present invention, the system configuration of the authentication processing system, hardware configuration, and functional configuration (corresponding to FIG. 1 to FIG. 3) are common.
FIG. 1 is a schematic diagram for illustrating a system configuration of an authentication processing system 1 according to the present invention. The authentication processing system 1 is configured with a user 2 (2 a to 2 f) and a server 3. In the authentication processing system 1, the user 2 is an apparatus to be authenticated that makes a request for an authentication to an authenticating apparatus, and the server 3 is the authenticating apparatus that authenticates the apparatus to be authenticated. The user 2 a to 2 f and the server 3 are connected via a network 4.
The user 2 makes a request for an authentication to the server 3, and receives a predetermined service (such as a data communication connection service, a gate pass permission, and a contents providing) that is provided by the server 3. The server 3 carries out an authentication process for the user 2, and when the user 2 is authenticated, provides the predetermined service to the user 2. Hereinafter, when the server 3 authenticated the user 2 (when an authentication is completed), it is assumed that an interconnection between the server 3 and the user 2 is started. In addition, although a detailed explanation is not given, the user 2 can also carry out an inter-authentication to authenticate the server 3 to which the user makes a request for an authentication.
FIG. 2 is a block diagram for illustrating an example of a hardware configuration of the user 2 and the server 3 constituting the authentication processing system 1. Hereinafter, for the sake of convenience in explanation, it is assumed that the user 2 and the server 3 has the same hardware configuration, and an object that implements each of functions of the user 2 and the server 3 is referred to as “an apparatus”.
A central processing unit (CPU) 11 controls the entire apparatus, a read only memory (ROM) 12 stores a basic input-output program, and a random access memory (RAM) 13 is used as a working area of the CPU 11.
A hard disk drive (HDD) 14 controls a read/write of data with respect to a hard disk (HD) 15 according to a control of the CPU 11, and the HD 15 stores data written by a control of the HDD 14. A flexible disk drive (FDD) 16 controls a read/write of data with respect to a flexible disk (FD) 17 according to a control of the CPU 11, and the FD 17 stores data written by a control of the FDD 16.
A display 18 displays a variety of data, such as a cursor, a menu, a window, a text, and an image. A network interface (IF) 19 carries out a reception and a transmission of data with respect to the network 4. A keyboard 20 includes a plurality of keys for inputting a text, a numerical value, and a variety of instructions, and a mouse 21 carries out selection and execution of a variety of instructions, selection of an object to be processed, and movement of the cursor.
A scanner 22 optically reads a text or an image, a printer 23 prints out a text or an image on a paper or the like, a compact disk-read only memory (CD-ROM) 24 is a removable recording medium, a CD-ROM drive 25 controls a read/write of data with respect to the CD-ROM 24, and a bus (or a cable) 26 connects the above components.
FIG. 3 is a block diagram for illustrating a functional configuration of the user and the server constituting the authentication processing system.
The user 2 includes a creating unit 31, a delivering unit 32, a calculating unit 33, and a transmitting unit 34. The creating unit 31 creates current authentication information (A) that is used for a current authentication process, using an arbitrary value (a). The creating unit 31 creates the current authentication information by carrying out an using a one-way function with which a calculation of a value before the operation is difficult for the arbitrary value. In addition, the creating unit 31 creates an authentication key (K) that is unique to the user 2, together with the current authentication information.
The one-way function is a function with which, when two values (x and y) are operated using the function, even if a value (z) of a result of the operation and one of the two values (for example, x) are known, it is difficult to calculate the other value (y). In other words, when the one-way function is h, a value z obtained by operating the values x and y using the one-way function h is expressed as z=h(x, y). At this time, it is difficult to calculate y from x and z.
The delivering unit 32 delivers the current authentication information created by the creating unit 31 to the server 3. In addition, the delivering unit 32 delivers the authentication key to the server 3 together with the current authentication information. The delivering of the current information and the authentication key means sending information to the server 3 using a method that is not available to a third party other than the server 3, such as a transmission via a dedicated line for the information, and a mailing of a recording medium in which the information is stored.
The calculating unit 33 calculates next authentication information (B) that is used for a next authentication process, and calculates first transmission information, in which next authentication information to be used for a next authentication process is hidden using the current authentication information, and second transmission information, in which the arbitrary value is hidden using the next authentication information. The calculating unit 33 calculates a value by carrying out an operation using a mask function with which a calculation of a value before the operation is easy for the next authentication information and the current authentication information, as the first transmission information, and a value by carrying out the operation using the mask function for the next authentication information (or sum of the next authentication information and the authentication key) and the arbitrary value, as the second transmission information.
The mask function is a function with which, when the operation is carried out twice, a result of the operation becomes the original value, such as an exclusive OR (XOR). Hereinafter, the mask function is taken as the exclusive-OR operation.
The transmitting unit 34 transmits the first transmission information and the second transmission information calculated by the calculating unit 33 to the server 3. The transmitting unit 34 transmits the above transmission information to the server 3 via the network 4.
The server 3 includes an acquiring unit 41, a receiving unit 42, a calculating unit 43, and a determining unit 44. The acquiring unit 41 acquires the current authentication information delivered by the delivering unit 32 of the user 2 and the authentication key unique to the user 2. The receiving unit 42 receives the first transmission information and the second transmission information transmitted by the transmitting unit 34 of the user 2.
The calculating unit 43 calculates the next authentication information using the first transmission information received by the receiving unit 42 and the current authentication information acquired by the acquiring unit 41, and calculates the arbitrary value using the next authentication information and the second transmission information. The calculating unit 43 calculates the next authentication information (or sum of the next authentication information and the authentication key) by carrying out the exclusive-OR operation with respect to the first transmission information and the current authentication information, and calculates the arbitrary value by carrying out the exclusive-OR operation with respect to the next authentication information (or sum of the next authentication information and the authentication key) and the second transmission information.
The determining unit 44 determines whether to authenticate the user 2, based on the arbitrary value calculated by the calculating unit 43 and the current authentication information acquired by the acquiring unit 41. The determining unit 44 determines whether a value obtained by carrying out the operation using the one-way function for the arbitrary value is identical to the current authentication information. When the value obtained by carrying out the operation using the one-way function for the arbitrary value is identical to the current authentication information, the server 3 authenticates the user 2, otherwise denies the authentication of the user 2.
Each of the above components is implemented by executing a command process by the CPU 11 according to a command of a program that is loaded to the RAM 13 from a variety of recording media, such as the HD 15, the FD 17, and the CD-ROM 24 of each of the apparatuses.
Following is an explanation for a process when the server 3 (authenticating apparatus) authenticates the user 2 (apparatus to be authenticated). Prior to the authentication process, an initial registration process of the user 2 is carried out with respect to the server 3. The server 3 carries out the authentication process to authenticate the user 2 using information registered at the time of the initial registration.
In the following explanation, “←” indicates a substitution of a left-hand side by a right-hand side, “S” means a password that is privately held by the user (apparatus to be authenticated), “ID” is a user identifier, “XOR” is the exclusive-OR operator, “n” is the number of authentication, and “Nn” is a random number (n is a positive integer equal to or greater than “1”, and is used for specifying the random number), F is a one-way function that does not use the password S. When z=F(x, y), it is difficult to quantitatively calculate y from z and x. “X” is a one-way function that uses the password S and the random number Nn, and Xn=X(ID, S, Nn).
FIG. 4 is a flowchart of a processing procedure for an initial registration of the user, according to a first embodiment of the present invention. The user 2 possesses the user identifier ID for identifying itself from among a plurality of the users 2. In addition, the user 2 holds the password S that is private to itself. The user identifier ID and the password S can be registered in the user 2, or can be requested in each case of process.
Firstly, the user 2 creates a private key K and a random number N1, and stores created private key K and random number N1 (step S101). Then, the user 2 calculates A1 following Equations 9 and 10, using the user identifier ID, the password S, and the random number N1. The A1 in Equation 9 is authentication information An that is used for the first time (n=1) authentication. Hereinafter, the A1 is referred to as first-time authentication information.
a←X(ID, S, N 1)  (9)
A 1 ←F(ID, a)  (10)
The user 2 transmits the user identifier ID, the private key K, and the first-time authentication information A1 via a safe means (step S103). The safe means includes a transmission through a dedicated line for the information and a mailing of a recording medium in which the information is stored. Then, the user 2 stores the calculated first-time authentication information A1 (step S104), and ends the process of the flowchart.
The server 3 stores each of the private key K and the first-time authentication information A1 transmitted from the user 2 in association with the user identifier ID (step S105), and ends the process of the flowchart.
FIG. 5 is a flowchart of a processing procedure for an nth time authentication after the first time (n=1) authentication, according to the first embodiment. At this moment, the user 2 possesses the private key K, the random number Nn (at the time of the first time authentication, n=1), and the authentication information An (at the time of the first time authentication, n=1), as stored information. The server 3 possesses ID of the user 2, the private key K and the authentication information An (at the time of the first time authentication, n=1) transmitted from the user 2 at the time of initial registration in FIG. 4, as stored information.
The user 2 calculates a defined by Equation 11 from stored Nn (step S151). Then, the user 2 creates a new random number Nn+1, stores the created random number (step S152), and calculates B defined by Equation 13 following Equations 11 and 12 (step S153).
a←X(ID, S, N n)  (11)
b←X(ID, S, N n+1)  (12)
B←F(ID, b)  (13)
The user 2 calculates α and β defined by Equations 14 and 15, respectively, using the calculated a and B, and the stored K and An (step S154), and transmits ID, α, and β to the server 3 (step S155). Then, the user 2 stores B calculated at step S153 as next authentication information An+1 (step S156), and ends the process of the flowchart. Here, a is data that becomes a source of the authentication information An.
α←B XOR A n  (14)
β←(B+K) XOR a  (15)
The server 3 calculates B defined by Equation 16 using the authentication information An that is registered in association with ID of the user 2 (step S157), and calculates a defined by Equation 17 using a sum of B and K, with respect to α and β received from the user 2.
B←α XOR A n  (16)
a←β XOR (B+K)  (17)
The server 3 determines whether a result of the unidirectional conversion of the calculated a and the stored ID, F(ID, a) is identical to An (step S158). When F(ID, a) is identical to An (“YES” at step S158), the server 3 authenticates the user 2, and starts a connection with the user 2 (step S159). In addition, the server 3 stores B as the next authentication information (An+1) to be used for the next authentication (step S160), and ends the process of the flowchart. On the other hand, when F(ID, a) is not identical to An (“NO” at step S158), the server denies the authentication of the user 2, transmits an error message to the user 2 (step S161), and ends the process of the flowchart.
The method of calculating α and β at step S154 is not limited to the above Equations 14 and 15. In the calculation shown in Equations 14 and 15, a sum of B and K is used for calculating β. However, this process is to prevent, when α and β are acquired by a third party during a transmission of α and β to the server 3, an attack by the third party using the acquired values. In other words, by performing an operation on either one of B that is used for calculating α and B that is used for calculating β, so that the B portion (the value that is exclusive-OR operated with An or a) of α and the B portion of β are different, B cannot be calculated from α and β. The method of calculating α and β can be any one, not being limited to above Equations 14 and 15, as long as it satisfies the above condition.
For example, it is possible to use a value created from common information between the user 2 and the server 3, such as ID, or common information such as An as K. In the above example, K is a value calculated as the private key at step S101, however, α and β can be calculated as following Equations 18 and 19 by using the user identifier ID.
α←B XOR An  (18)
β←(B+ID) XOR a  (19)
Furthermore, when calculating β, a subtraction of K from B can be used instead of an addition of K to B, as shown in following Equations 20 and 21. In addition, it is possible to use any kind of operation between B and K, such as a multiplication and a division.
α←B XOR An  (20)
β←(B−K) XOR a  (21)
Moreover, when calculating α, an operation using K can also be used. For example, an addition of K to B can be used for calculating α, as shown in following Equations 22 and 23. However, an operation to B in calculating α should be the one for which an inverse operation is possible, such as B−K.
α←(B+K) XOR An  (22)
β←B XOR a  (23)
In addition to the above methods of calculation, a combination of operations can be used for calculating α and β, as shown in following Equations 24 and 25.
α←(B−ID) XOR An  (24)
β←B XOR a  (25)
In this manner, there are various methods of calculating α and β, however, a method of calculating a at step S157 depends on the method of calculating α and β. For example, when α and β are calculated using the above Equations 18 and 19, a can be calculated using operations shown in following Equations 26 and 27.
B←α XOR An  (26)
a←α XOR (B+ID)  (27)
As described above, according to the first embodiment, the authentication information for an authentication process can only be created using data (password S and random number Nn) that become sources of the authentication information that is exclusively stored in the apparatus to be authenticated (user 2). Therefore, even if information regarding the apparatus to be authenticated (ID, K, An), which is stored in the authenticating apparatus (server 3) is stolen by a third party, the third party cannot create the authentication information for the authentication process, and cannot obtain an authentication by the authenticating apparatus.
According to the first embodiment, a countermeasure is taken against a stealing of information on an apparatus to be authenticated (user 2) from an authenticating apparatus (server 3), by creating authentication information to be used for an authenticating process from data that is stored in the apparatus to be authenticated only. According to a second embodiment of the present invention, it is confirmed whether information that becomes a source of current authentication information (An) that is used for a current (nth) authentication is calculated from information that is encrypted using next authentication information (An+1:B) that is used for a next ((n+1)th) authentication. With this mechanism, it is possible to detect a modification of delivering information by a third party.
FIG. 6 is a flowchart of a processing procedure for an initial registration of a user, according to the second embodiment. The user 2 possesses a user identifier ID for identifying itself from a plurality of users 2. In addition, the user 2 possesses a private password S that is known to itself only.
Firstly, the user 2 creates a private key K, and stores K (step S201). Then, the user 2 creates random numbers N1 and N2, and stores N2 (step S202). The user 2 calculates A1 from following Equations 28 and 29, and calculates γ1 from following Equations 30 to 32, using the user identifier ID, the password S, and the random numbers N1 and N2 (step S203). The A1 and γ1 are first-time authentication information that are used for a first time (n=1) authentication. The right-hand side of Equation 32 E_{B}(a) is a value obtained by encrypting a by using B as a key.
a←X(ID, S, N 1)  (28)
A 1 ←F(ID, a)  (29)
b←X(ID, S, N 2)  (30)
B←F(ID, b)  (31)
γ1 ←E {B}(a)  (32)
The user 2 transmits the user identifier ID, the private key K, and the first-time authentication information A1 and γ1 via a safe means (step S204). Then, the user 2 stores the calculated a and b (hereinafter, “authenticator a and b”), A1, and B (step S205), and ends the process of the flowchart.
The server 3 stores each of the private key K and the first-time authentication information A1 and γ1 transmitted from the user 2 in association with the user identifier ID (step S206), and ends the process of the flowchart. With the above process, the user 2 is initially registered in the server 3.
FIG. 7 is a flowchart of a processing procedure for an nth time authentication after the first time (n=1) authentication, according to the second embodiment. At this moment, the user 2 possesses the private key K, the random number Nn+1 (at the time of the first time authentication, N2 because n=1), the authentication information An (at the time of the first time authentication, n=1), B, and the authenticator a and b, as stored information. The server 3 possesses the private key K, and the authentication information An and γn (at the time of the first time authentication, n=1) transmitted from the user 2 at the time of initial registration in FIG. 6, as stored information.
The user 2 calculates b defined by Equation 33 from stored Nn+1 (step S251), and determines whether the calculated b is identical to the stored b (step S252). At this time, ID and S that are used for calculating b can be requested to the user 2 for every authentication process, and can be stored in the user 2. When the calculated b is identical to the stored b (“YES” at step S252), the user 2 goes to step S253. On the other hand, when the calculated b is not identical to the stored b (“NO” at step S252), the user 2 ends the process of the flowchart.
b←X(ID, S, N n+1)  (33)
The user 2 creates a new random number Nn+2, stores Nn+2 (step S253), and calculates an authenticator c and authentication information C from following Equations 34 and 35 (step S254). The authenticator c and the authentication information C are the information after the next authentication information for an authentication after the next authentication.
c←X(ID, S, N n+2)  (34)
C←F(ID, c)  (35)
Subsequently, the user 2 calculates α, β, and γn+1 defined by following Equations 36 to 38, respectively, using the calculated b and D, and the stored K, An, and B (step S255). Then, the user 2 transmits ID, α, β, and γn+1 to the server 3 (step S256). In addition, the user 2 stores the calculated c and C as the next authenticator b and the next authentication information B (step S257), and ends the process of the flowchart. As for the method of calculating α and β, although there are various methods as described in the first embodiment, operations shown in following Equations 36 and 37 are used as an example.
α←B XOR An  (36)
β←(B+K) XOR a  (37)
γn+1 ←E {C}(b)  (38)
The server 3 calculates a from following Equations 39 and 40 using the authentication information An and the private key K that are stored in association with α, β, and ID received from the user 2 (step S258).
B←α XOR An  (39)
a←β XOR (B+K)  (40)
Then, the server 3 determines whether a result of the unidirectional conversion of the calculated a and the stored ID, F(ID, a), is identical to An (step S259). When F(ID, a) is identical to An (“YES” at step S259), the server 3 authenticates the user 2. Subsequently, the server 3 decrypts the encrypted information γn using the received B (indicated as D_{B}(γn)), and determines whether D_{B}(γn) is identical to a (step S260).
When D_{B}(γn) is identical to a (“YES” at step S260), the server 3 verifies that the authentication information B is not modified, and starts a connection with the user 2 (step S261). In addition, the server 3 stores B as authentication information (An+1) that is used for the next ((n+1)th) authentication process (step S262), and ends the process of the flowchart.
On the other hand, when F(ID, a) is not identical to An (“NO” at step S259), the server 3 denies the authentication of the user 2, transmits an error message to the user 2 (step S263), and ends the process of the flowchart. Furthermore, when D_{B}(γn) is not identical to a (“NO” at step S260), the server 3 determines that the authentication information B is modified, transmits an error message to the user 2 (step S263), and ends the process of the flowchart.
As described above, according to the second embodiment, the authentication information for an authentication process can only be created using data (password S and random number Nn+1) that become sources of the authentication information that is exclusively stored in the apparatus to be authenticated (user 2). Therefore, even if information regarding the apparatus to be authenticated (ID, K, An, γn), which is stored in the authenticating apparatus (server 3) is stolen by a third party, the third party cannot create the authentication information for the authentication process, and cannot obtain an authentication by the authenticating apparatus.
Furthermore, by verifying whether data (a:D{B}(γn)) that becomes a source of the current authentication information that is used for the current authentication is calculated from information (γn:E{B}(a)) that is encrypted using the next authentication information (B), it is possible to detect a modification of delivering information by a third party.
According to a third embodiment of the present invention, data used for detecting a modification of delivering information is different from data used for an authentication process. With this mechanism, it is possible to enhance a security of the authentication process.
FIG. 8 is a flowchart of a processing procedure for an initial registration of a user, according to a third embodiment of the present invention. The user 2 possesses a user identifier ID for identifying itself from a plurality of users 2. In addition, the user 2 possesses a private password S that is known to itself only.
Firstly, the user 2 creates a private key K, and stores K (step S301). Then, the user 2 creates random numbers N1 and N2, and stores N2 (step S302). The user 2 calculates A′1 from following Equations 41 to 43, and calculates γ1 from following Equations 44 to 47, using the user identifier ID, the password S, and the random number N1 (step S303). The A′1 and γ1 are first-time authentication information that are used for a first time (n=1) authentication. The right-hand side of Equation 47 E_{B′}(a) is a value obtained by encrypting a by using B′ as a key.
a←X(ID, S, N 1)  (41)
A←F(ID, a)  (42)
A′ 1 ←F(ID, A)  (43)
b←X(ID, S, N 2)  (44)
B←F(ID, b)  (45)
B′←F(ID, B)  (46)
γ1 ←E {B′}(a)  (47)
The user 2 transmits the user identifier ID, the private key K, and the first-time authentication information A′1 and γ1 via a safe means (step S304). Then, the user 2 stores the calculated a and b (hereinafter, “authenticator a and b”), A, A′1, B, and B′ (step S205), and ends the process of the flowchart.
The server 3 stores each of the private key K and the first-time authentication information A′1 and γ1 transmitted from the user 2 in association with the user identifier ID (step S306), and ends the process of the flowchart. With the above process, the user 2 is initially registered in the server 3.
FIG. 9 is a flowchart of a processing procedure for an nth time authentication after the first time (n=1) authentication, according to the third embodiment. At this moment, the user 2 possesses the private key K, the random number Nn+1 (at the time of the first time authentication, N2 because n=1), the authentication information A′n (at the time of the first time authentication, n=1), A, B′, B, and the authenticator a and b, as stored information. The server 3 possesses the private key K, and the authentication information A′n and γn (at the time of the first time authentication, n=1) transmitted from the user 2 at the time of initial registration in FIG. 8, as stored information.
The user 2 calculates b defined by Equation 48 from stored Nn+1 (step S351), and determines whether the calculated b is identical to the stored b (step S352). At this time, ID and S that are used for calculating b can be requested to the user 2 for every authentication process, and can be stored in the user 2. When the calculated b is identical to the stored b (“YES” at step S352), the user 2 goes to step S353. On the other hand, when the calculated b is not identical to the stored b (“NO” at step S352), the user 2 ends the process of the flowchart.
b←X(ID, S, N n+1)  (48)
The user 2 creates a new random number Nn+2, stores Nn+2 (step S353), and calculates C′ from following Equations 49 to 51 (step S354).
c←X(ID, S, N n+2)  (49)
C←F(ID, c)  (50)
C′←F(ID, C) (  (51)
Subsequently, the user 2 calculates α, β, and γn+1 defined by following Equations 52 to 54, respectively, using the calculated b and C′, and the stored K, An, A′ and B′ (step S355). Then, the user 2 transmits ID, α, β, and γn+1 to the server 3 (step S356). In addition, the user 2 stores the calculated c and C as the next authenticator b and the next authentication information B (step S357), and ends the process of the flowchart. As for the method of calculating α and β, although there are various methods as described in the first embodiment, operations shown in following Equations 52 and 53 are used as an example.
α←B′ XOR A′n  (52)
β←(B′+K) XOR A  (53)
γn+1 ←E {C′}(b)  (54)
The server 3 calculates A from following Equations 55 and 56 using the authentication information A′n and the private key K that are stored in association with α, β, and ID received from the user 2 (step S358).
B′←α XOR A′n  (55)
A′←β XOR (B′+K)  (56)
Then, the server 3 determines whether a result of the unidirectional conversion of the calculated A and the stored ID, F(ID, A), is identical to A′n (step S359). When F(ID, A) is identical to A′n (“YES” at step S359), the server 3 authenticates the user 2. Subsequently, the server 3 decrypts the encrypted information γn using the received B′ (indicated as D_{B′}(γn)), and calculates a defined by following Equation 57 (step S360).
a←D {B′ n}(γn)  (57)
The server 3 determines whether a result of the unidirectional conversion of the calculated a and ID, F(ID, a), is identical to A (step S361). When F(ID, a) is identical to A (“YES” step S361), the server 3 verifies that the authentication information B′ is not modified, and starts a connection with the user 2 (step S362).
In addition, the server 3 stores B′ as authentication information (A′n+1) that is used for the next ((n+1)th) authentication process (step S363). The server 3 stores γn+1 that is transmitted from the user 2 at step S356 as the authentication information for the next ((n+1)th) authentication process instead of γn (step S364), and ends the process of the flowchart.
On the other hand, when F(ID, A) is not identical to A′n (“NO” at step S359), the server 3 denies the authentication of the user 2, transmits an error message to the user 2 (step S365), and ends the process of the flowchart. Furthermore, when F(ID, a) is not identical to A (“NO” at step S361), the server 3 determines that the authentication information B is modified, transmits an error message to the user 2 (step S365), and ends the process of the flowchart.
As described above, according to the third embodiment, the authentication information for an authentication process can only be created using data (password S and random number Nn+1) that become sources of the authentication information that is exclusively stored in the apparatus to be authenticated (user 2). Therefore, even if information regarding the apparatus to be authenticated (ID, K, A′, γn), which is stored in the authenticating apparatus (server 3) is stolen by a third party, the third party cannot create the authentication information for the authentication process, and cannot obtain an authentication by the authenticating apparatus.
Furthermore, by verifying whether data (a:D{B′}(γn)) that becomes a source of the current authentication information that is used for the current authentication is calculated from information (γn:E{B′}(a)) that is encrypted using the next authentication information (B′), it is possible to detect a modification of delivering information by a third party.
In addition, by using different data (A′) used for the authentication from data (A) used for detecting a modification of delivering information, it is possible to enhance a security of the authentication process.
As described above, in the authentication processing method, the authentication processing program, the recording medium, and the authentication processing apparatus according to the present invention, the data used for the authentication process is transmitted and received in a mask-processed state. Therefore, it is possible to prevent a leakage of data used for the authentication process to a third party. In addition, by verifying whether data obtained by applying a unidirectional conversion on data a that becomes a source of the current authentication information is identical to the current authentication information A, it is possible to authenticate a qualification of an apparatus to be authenticated.
Furthermore, in the authentication processing method, the authentication processing program, the recording medium, and the authentication processing apparatus according to the present invention, in addition to a verification of relation of information delivered to an authenticating apparatus, a verification whether data obtained by applying a unidirectional conversion on data a that becomes a source of the current authentication information is identical to the current authentication information A is performed. With this mechanism, it is possible to detect whether the delivering information is created by a legal apparatus to be authenticated. Therefore, even if the current authentication information A that is registered in the authenticating apparatus is stolen by a third party, it is possible to prevent an illegal authentication by others.
The authentication processing method according to the present invention can be realized by executing a program prepared in advance with a computer, such as a personal computer and a workstation. The program is stored in a computer-readable recording medium, such as a hard disk (HD), a flexible disk (FD), a compact disk-read only memory (CD-ROM), a magneto-optic (MO) disk, and a digital versatile disk (DVD). The computer reads out the program from the recording medium, and executes it. Furthermore, the program can be distributed via a network, such as the Internet.
According to the embodiments described above, it is possible to enhance security.
The present document incorporates by reference the entire contents of Japanese priority document, 2005-246506 filed in Japan on Aug. 26, 2005.
Although the invention has been described with respect to a specific embodiment for a complete and clear disclosure, the appended claims are not to be thus limited but are to be construed as embodying all modifications and alternative constructions that may occur to one skilled in the art which fairly fall within the basic teaching herein set forth.

Claims (14)

What is claimed is:
1. A method of authenticating a subject device to be authenticated, comprising:
acquiring current authentication information that is created using an arbitrary value, and that is used for a current authentication process, from the subject device;
acquiring encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device;
receiving first transmission information that is expressed as the next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device;
calculating the next authentication information based on the first transmission information and the current authentication information;
calculating the arbitrary value based on calculated next authentication information and the second transmission information; and
determining whether to authenticate the subject device based on a calculated arbitrary value and the current authentication information,
wherein the acquiring includes acquiring the current authentication information that is created by performing, two times, an operation using a one-way function on the arbitrary value, and
wherein the determining includes
decrypting the encryption information using the next authentication information;
determining whether to authenticate the subject device based on decrypted encryption information;
performing, two times, the operation using the one-way function on the calculated arbitrary value; and
determining whether to authenticate the subject device based on whether a value obtained by performing, two times, the operation using the one-way function on the calculated arbitrary value is identical to the current authentication information.
2. The method according to claim 1, wherein
the acquiring includes acquiring the current authentication information that is created by performing an operation using a one-way function on an arbitrary value, and
the determining includes
performing the operation using the one-way function on the calculated arbitrary value; and
determining whether a value obtained by performing the operation using the one-way function on the calculated arbitrary value is identical to the current authentication information.
3. The method according to claim 1, wherein
the receiving includes receiving a value obtained by performing an operation using a mask function on the next authentication information and the current authentication information, as the first transmission information, and a value obtained by performing the operation using the mask function on the arbitrary value and the next authentication information, as the second transmission information,
the calculating the next authentication information includes calculating the next authentication information by performing the operation using the mask function on the first transmission information and the current authentication information, and
the calculating the arbitrary value includes calculating the arbitrary value by performing the operation using the mask function on the calculated next authentication information and the second transmission information.
4. The method according to claim 1, further comprising
acquiring an authentication key from the subject device, wherein the authentication key is unique to the subject device, wherein
the receiving includes receiving a value in which the arbitrary value is hidden by a value obtained by performing an operation using the authentication key on the next authentication information as the second transmission information, and
the calculating the arbitrary value includes calculating the arbitrary value based on the authentication key, the calculated next authentication information, and the second transmission information.
5. The method according to claim 1, further comprising
acquiring an authentication key from the subject device, wherein the authentication key is unique to the subject device, wherein
the receiving includes receiving a value in which a value obtained by performing an operation using the authentication key on the next authentication information is hidden using the current authentication information, as the first transmission information, and
the calculating the next authentication information includes calculating the next authentication information based on the authentication key, the first transmission information, and the current authentication information.
6. A method of requesting an authentication to an authenticating apparatus from a subject device to be authenticated, comprising:
creating current authentication information that is used for a current authentication process, using an arbitrary value;
acquiring encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device;
delivering the current authentication information and the encryption information to the authenticating apparatus;
creating first transmission information that is expressed as the next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process;
creating second transmission information in which the arbitrary value is hidden using the next authentication information;
transmitting the first transmission information and the second transmission information to the authenticating apparatus,
wherein the creating current authentication information includes creating the current authentication information by performing, two times, an operation using a one-way function on the arbitrary value.
7. The method according to claim 6, wherein
the creating current authentication information includes creating the current authentication information by performing an operation using a one-way function.
8. The method according to claim 6, wherein
the creating the first transmission information includes performing an operation using a mask function on the next authentication information and the current authentication information, and
the creating the second transmission information includes creating the second transmission information by performing the operation using the mask function on the arbitrary value and the next authentication information.
9. The method according to claim 6, further comprising:
creating an authentication key that is unique to a subject device to be authenticated; and
delivering the authentication key to the authenticating apparatus, wherein
the creating second transmission information includes
performing an operation using the authentication key on the next authentication information; and
creating the second transmission information in which the arbitrary value is hidden by a value obtained by performing the operation using the authentication key on the next authentication information.
10. The method according to claim 6, further comprising:
creating an authentication key that is unique to a subject device to be authenticated; and
delivering the authentication key to the authenticating apparatus, wherein
the creating the first transmission information includes
performing an operation using the authentication key on the next authentication information; and
creating the first authentication information in which a value obtained by performing the operation using the authentication key is hidden using the current authentication information.
11. A non-transitory computer-readable recording medium that stores therein a computer program for authenticating a subject device to be authenticated, the computer program making a computer execute:
acquiring current authentication information that is created using an arbitrary value, and that is used for a current authentication process, from the subject device;
acquiring encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device;
receiving first transmission information that is expressed as the next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device;
calculating the next authentication information based on the first transmission information and the current authentication information;
calculating the arbitrary value based on calculated next authentication information and the second transmission information; and
determining whether to authenticate the subject device based on a calculated arbitrary value and the current authentication information,
wherein the acquiring includes acquiring the current authentication information that is created by performing, two times, an operation using a one-way function on the arbitrary value, and
wherein the determining includes
decrypting the encryption information using the next authentication information;
determining whether to authenticate the subject device based on decrypted encryption information: and
performing, two times, the operation using the one-way function on the calculated arbitrary value; and
determining whether to authenticate the subject device based on whether a value obtained by performing, two times, the operation using the one-way function on the calculated arbitrary value is identical to the current authentication information.
12. A non-transitory computer-readable recording medium that stores therein a computer program for requesting an authentication to an authenticating apparatus from a subject device to be authenticated, the computer program making a computer execute:
creating current authentication information that is used for a current authentication process, using an arbitrary value;
acquiring encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device;
delivering the current authentication information and the encryption information to the authenticating apparatus;
creating first transmission information that is expressed as next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process;
creating second transmission information in which the arbitrary value is hidden using the next authentication information; and
transmitting the first transmission information and the second transmission information to the authenticating apparatus,
wherein the creating current authentication information includes creating the current authentication information by performing, two times, an operation using a one-way function on the arbitrary value.
13. An authentication apparatus comprising:
a first acquiring unit configured to acquire, from a subject device to be authenticated, current authentication information that is created using an arbitrary value and that is used for a current authentication process, and encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device;
a receiving unit configured to receive, via a network interface, first transmission information that is expressed as next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device;
a first calculating unit configured to calculate the next authentication information based on the first transmission information and the current authentication information;
a second calculating unit configured to calculate the arbitrary value based on calculated next authentication information and the second transmission information; and
a determining unit configured to determine whether to authenticate the subject device based on a calculated arbitrary value and the current authentication information,
wherein the acquiring includes acquiring the current authentication information that is created by performing, two times, an operation using a one-way function on the arbitrary value, and
wherein the determining includes
decrypting the encryption information using the next authentication information;
determining whether to authenticate the subject device based on decrypted encryption information; and
performing, two times, the operation using the one-way function on the calculated arbitrary value; and
determining whether to authenticate the subject device based on whether a value obtained by performing, two times, the operation using the one-way function on the calculated arbitrary value is identical to the current authentication information.
14. An authentication apparatus comprising:
a creating unit configured to:
create current authentication information that is used for a current authentication process, using an arbitrary value;
create first transmission information that is expressed as next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process;
create second transmission information in which the arbitrary value is hidden using the next authentication information; and
acquire encryption information that is the arbitrary value encrypted using the next authentication information as an encryption key;
a delivering unit configured to deliver the current authentication information and the encryption information to an authenticating apparatus that authenticates the authentication apparatus; and
a transmitting unit configured to transmit, via a network interface, the first transmission information and the second transmission information to the authenticating apparatus,
wherein the creating current authentication information includes creating the current authentication information by performing, two times, an operation using a one-way function on the arbitrary value.
US11/368,601 2005-08-26 2006-03-07 Authentication method, authentication apparatus, and computer product Active 2030-01-31 US8423766B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2005-246506 2005-08-26
JP2005246506A JP4436294B2 (en) 2005-08-26 2005-08-26 Authentication processing method, authentication processing program, recording medium, and authentication processing apparatus

Publications (2)

Publication Number Publication Date
US20070050631A1 US20070050631A1 (en) 2007-03-01
US8423766B2 true US8423766B2 (en) 2013-04-16

Family

ID=37420839

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/368,601 Active 2030-01-31 US8423766B2 (en) 2005-08-26 2006-03-07 Authentication method, authentication apparatus, and computer product

Country Status (6)

Country Link
US (1) US8423766B2 (en)
EP (1) EP1758044A3 (en)
JP (1) JP4436294B2 (en)
KR (1) KR20070024332A (en)
CN (1) CN1921387A (en)
TW (1) TWI312632B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070233091A1 (en) * 2006-02-23 2007-10-04 Naifeh Bill R Multi-level spherical linkage implant system
US8025681B2 (en) * 2006-03-29 2011-09-27 Theken Spine, Llc Dynamic motion spinal stabilization system
JP2009171253A (en) * 2008-01-16 2009-07-30 Trinity Security Systems Inc Key sharing method, authentication method, authentication program, recording medium, and communication system
JP2009253650A (en) * 2008-04-04 2009-10-29 N-Crypt Lab Inc Transmission and reception system, transmission device, reception device, authentication device, user device, method executed by those, and program
JP2010056673A (en) * 2008-08-26 2010-03-11 Tss Lab:Kk Authentication processing method, authentication processing program, recording medium, and authentication processing system
US8621212B2 (en) * 2009-12-22 2013-12-31 Infineon Technologies Ag Systems and methods for cryptographically enhanced automatic blacklist management and enforcement
US8630411B2 (en) 2011-02-17 2014-01-14 Infineon Technologies Ag Systems and methods for device and data authentication
JP6340273B2 (en) * 2014-07-07 2018-06-06 株式会社総合車両製作所 Authentication system
JP5963382B1 (en) * 2015-10-02 2016-08-03 株式会社Pips One-time authentication system
JP7161416B2 (en) * 2018-01-26 2022-10-26 明宏 清水 Authentication system, authenticated device, authentication device, authentication method, and program
CN113472847B (en) * 2021-05-28 2023-04-07 济南浪潮数据技术有限公司 Method, system, device and medium for filtering invalid users

Citations (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6061799A (en) * 1997-10-31 2000-05-09 International Business Machines Corp. Removable media for password based authentication in a distributed system
US6115472A (en) * 1996-09-11 2000-09-05 Nippon Telegraph And Telephone Corporation Contents transmission control method with user authentication functions and recording medium with the method recorded thereon
US6148404A (en) * 1997-05-28 2000-11-14 Nihon Unisys, Ltd. Authentication system using authentication information valid one-time
US6230269B1 (en) * 1998-03-04 2001-05-08 Microsoft Corporation Distributed authentication system and method
US20020056040A1 (en) * 2000-08-10 2002-05-09 Timothy J. Simms System and method for establishing secure communication
US20020087860A1 (en) * 2000-10-20 2002-07-04 David William Kravitz Cryptographic data security system and method
US20020091932A1 (en) * 2001-01-10 2002-07-11 Ntt Advanced Technology Corporation Qualification authentication method using variable authentication information
US6434700B1 (en) 1998-12-22 2002-08-13 Cisco Technology, Inc. Authentication and authorization mechanisms for Fortezza passwords
US20030097567A1 (en) 1997-08-05 2003-05-22 Taro Terao Device and method for authenticating user's access rights to resources
US20040006713A1 (en) * 2002-07-08 2004-01-08 Matsushita Electric Industrial Co., Ltd. Device authentication system
US6751733B1 (en) * 1998-09-11 2004-06-15 Mitsubishi Denki Kabushiki Kaisha Remote authentication system
US20050033957A1 (en) * 2003-06-25 2005-02-10 Tomoaki Enokida Digital certificate management system, digital certificate management apparatus, digital certificate management method, update procedure determination method and program
US20050100166A1 (en) * 2003-11-10 2005-05-12 Parc Inc. Systems and methods for authenticating communications in a network medium
US6912653B2 (en) 2001-01-23 2005-06-28 Erika Monika Gohl Authenticating communications
US20050216737A1 (en) * 2004-03-26 2005-09-29 Sangikyo Corporation Authentication system
US20050228994A1 (en) * 2004-04-13 2005-10-13 Hitachi, Ltd. Method for encryption backup and method for decryption restoration
US20050232415A1 (en) * 2004-02-05 2005-10-20 Little Herbert A On-chip storage, creation, and manipulation of an encryption key
US20060041759A1 (en) * 2004-07-02 2006-02-23 Rsa Security, Inc. Password-protection module
US20060080743A1 (en) * 2004-10-13 2006-04-13 Microsoft Corporation Secure image authentication with discrete level tamper localization
US20060126835A1 (en) * 2004-12-13 2006-06-15 Kim Kwang O High-speed GCM-AES block cipher apparatus and method
US20060143453A1 (en) * 2002-06-19 2006-06-29 Secured Communications, Inc Inter-authentication method and device
US7234057B2 (en) * 2000-08-28 2007-06-19 Lg-Nortel Co., Ltd. Method for processing access-request message for packet service
US7325133B2 (en) * 2003-10-07 2008-01-29 Koolspan, Inc. Mass subscriber management
US7607012B2 (en) * 2003-10-01 2009-10-20 Nokia Corporation Method for securing a communication
US7844818B2 (en) * 2004-01-06 2010-11-30 Samsung Electronics Co., Ltd. Authentication apparatus and method for home network devices

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005246506A (en) 2004-03-02 2005-09-15 Nitto Seimitsu Kogyo Kk Nick flute structure and nick flute forming method for broaching tool

Patent Citations (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6115472A (en) * 1996-09-11 2000-09-05 Nippon Telegraph And Telephone Corporation Contents transmission control method with user authentication functions and recording medium with the method recorded thereon
US6148404A (en) * 1997-05-28 2000-11-14 Nihon Unisys, Ltd. Authentication system using authentication information valid one-time
US20030097567A1 (en) 1997-08-05 2003-05-22 Taro Terao Device and method for authenticating user's access rights to resources
US6061799A (en) * 1997-10-31 2000-05-09 International Business Machines Corp. Removable media for password based authentication in a distributed system
US6230269B1 (en) * 1998-03-04 2001-05-08 Microsoft Corporation Distributed authentication system and method
US6751733B1 (en) * 1998-09-11 2004-06-15 Mitsubishi Denki Kabushiki Kaisha Remote authentication system
US6434700B1 (en) 1998-12-22 2002-08-13 Cisco Technology, Inc. Authentication and authorization mechanisms for Fortezza passwords
US20020056040A1 (en) * 2000-08-10 2002-05-09 Timothy J. Simms System and method for establishing secure communication
US7234057B2 (en) * 2000-08-28 2007-06-19 Lg-Nortel Co., Ltd. Method for processing access-request message for packet service
US20020087860A1 (en) * 2000-10-20 2002-07-04 David William Kravitz Cryptographic data security system and method
US20020091932A1 (en) * 2001-01-10 2002-07-11 Ntt Advanced Technology Corporation Qualification authentication method using variable authentication information
US6912653B2 (en) 2001-01-23 2005-06-28 Erika Monika Gohl Authenticating communications
US20060143453A1 (en) * 2002-06-19 2006-06-29 Secured Communications, Inc Inter-authentication method and device
US20040006713A1 (en) * 2002-07-08 2004-01-08 Matsushita Electric Industrial Co., Ltd. Device authentication system
US20050033957A1 (en) * 2003-06-25 2005-02-10 Tomoaki Enokida Digital certificate management system, digital certificate management apparatus, digital certificate management method, update procedure determination method and program
US7607012B2 (en) * 2003-10-01 2009-10-20 Nokia Corporation Method for securing a communication
US7325133B2 (en) * 2003-10-07 2008-01-29 Koolspan, Inc. Mass subscriber management
US20050100166A1 (en) * 2003-11-10 2005-05-12 Parc Inc. Systems and methods for authenticating communications in a network medium
US7844818B2 (en) * 2004-01-06 2010-11-30 Samsung Electronics Co., Ltd. Authentication apparatus and method for home network devices
US20050232415A1 (en) * 2004-02-05 2005-10-20 Little Herbert A On-chip storage, creation, and manipulation of an encryption key
US20050216737A1 (en) * 2004-03-26 2005-09-29 Sangikyo Corporation Authentication system
US20050228994A1 (en) * 2004-04-13 2005-10-13 Hitachi, Ltd. Method for encryption backup and method for decryption restoration
US20060041759A1 (en) * 2004-07-02 2006-02-23 Rsa Security, Inc. Password-protection module
US20060080743A1 (en) * 2004-10-13 2006-04-13 Microsoft Corporation Secure image authentication with discrete level tamper localization
US20060126835A1 (en) * 2004-12-13 2006-06-15 Kim Kwang O High-speed GCM-AES block cipher apparatus and method

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
Chien et al, "An Efficient and Practical Solution to Remote Authentication: Smart Card", Computers & Security, vol. 21, Issue 4, Aug. 1, 2002, pp. 372-375. *
Chih-Wei Lin et al., Security Enhancement for Optimal Strong-Password Authentication Protocol, ACM SIGOPS Operating Systems Review, Apr. 2003, vol. 37, No. 2, pp. 7-12.
Jablon, Strong password-only authenticated key exchange, Oct. 1996, ACM SIGCOMM Computer Communication Review , vol. 26 , Issue 5 , pp. 5-26. *
Lin et al, "Security enhancement for Optimal Strong-Password Authentication protocol", Apr. 2003, ACM SIGOPS Operating Systems Review, vol. 37 , Issue 2, pp. 7-12. *
T. Tsuji et al., "Simple and Secure Password Authentication Protocol, Ver. 2 (SAS-2)," The Institute of Electronics, Information and Communication Engineers, Technical Report of IEICE, 01S2002-30, IE2002-64 (Sep. 2002), pp. 7-11.
Ya-Fen Chang et al., A Secure and Efficient Strong-Password Authentication Protocol, ACM SIGOPS Operating Systems Review, Jul. 2004, vol. 38, No. 3, pp. 79-90.

Also Published As

Publication number Publication date
KR20070024332A (en) 2007-03-02
TW200709639A (en) 2007-03-01
US20070050631A1 (en) 2007-03-01
JP2007060568A (en) 2007-03-08
EP1758044A3 (en) 2009-10-07
JP4436294B2 (en) 2010-03-24
EP1758044A2 (en) 2007-02-28
TWI312632B (en) 2009-07-21
CN1921387A (en) 2007-02-28

Similar Documents

Publication Publication Date Title
US8423766B2 (en) Authentication method, authentication apparatus, and computer product
CN100454274C (en) Safty printing using secrete key after being checked
KR101130415B1 (en) A method and system for recovering password protected private data via a communication network without exposing the private data
CN101601049B (en) Biometric security system and method
CN102217277B (en) Method and system for token-based authentication
US6430688B1 (en) Architecture for web-based on-line-off-line digital certificate authority
TWI454111B (en) Techniques for ensuring authentication and integrity of communications
US8321924B2 (en) Method for protecting software accessible over a network using a key device
WO2022041806A1 (en) Authentication method, apparatus and device, and computer-readable storage medium
US20080209231A1 (en) Contents Encryption Method, System and Method for Providing Contents Through Network Using the Encryption Method
CN110719173B (en) Information processing method and device
KR20070112115A (en) File encryption/decryption method, device, program, and computer-readable recording medium containing the program
JP2009541817A (en) Single sign-on between systems
CN112434336A (en) Block chain-based electronic medical record sharing method, device and system and storage medium
US8392723B2 (en) Information processing apparatus and computer readable medium for preventing unauthorized operation of a program
US20200089867A1 (en) System and method for authentication
JP3992396B2 (en) Electronic document management apparatus, electronic document management method, and computer-readable recording medium storing program for causing computer to execute the method
KR102070248B1 (en) User authentication apparatus supporting secure storage of private key and operating method thereof
JP4703668B2 (en) Content transfer method
KR20110114990A (en) Apparatus and method for securing a keyboard
KR20190048422A (en) System and method for authentication
KR20180058996A (en) System and method for providing electronic signature service
KR100559152B1 (en) Method and apparatus for maintaining the security of contents
CN116912985B (en) Door lock control method, device, system, equipment and medium based on dynamic password
JP4219076B2 (en) Electronic document management method, electronic document management system, and recording medium

Legal Events

Date Code Title Description
AS Assignment

Owner name: TRINITY SECURITY SYSTEMS, INC., JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SHIMIZU, AKIHIRO;TSUJI, TAKASUKE;REEL/FRAME:017616/0994

Effective date: 20060221

AS Assignment

Owner name: TRINITY SECURITY SYSTEMS, INC., JAPAN

Free format text: CHANGE OF ADDRESS;ASSIGNOR:TRINITY SECURITY SYSTEMS, INC.;REEL/FRAME:023154/0204

Effective date: 20090514

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: TSS LINK, INC, JAPAN

Free format text: MERGER;ASSIGNOR:TRINITY SECURITY SYSTEMS, INC.;REEL/FRAME:037335/0600

Effective date: 20140401

Owner name: SHIMIZU, AKIHIRO, MR, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TSS LINK, INC;REEL/FRAME:037335/0616

Effective date: 20151001

Owner name: TSS LINK, INC, JAPAN

Free format text: ADDRESS CHANGE;ASSIGNOR:TSS LINK, INC;REEL/FRAME:037337/0026

Effective date: 20140401

Owner name: KOCHI UNIVERSITY OF TECHNOLOGY, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TSS LINK, INC;REEL/FRAME:037335/0616

Effective date: 20151001

Owner name: TSS LINK, INC, JAPAN

Free format text: ADDRESS CHANGE;ASSIGNOR:TSS LINK, INC;REEL/FRAME:037337/0023

Effective date: 20140501

FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2552); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 8